How to Disable Root Logins and Use SSH Keys Instead
When it comes to protecting your cloud server, password-based logins—especially for the root user—can leave you vulnerable. At Vivint Host, we recommend replacing root login access with SSH key authentication for a much higher level of security.
In this guide, you'll learn how to:
- Check if your SSH key is already set up
- Generate an SSH key if needed
- Disable root password logins via Web Host Manager (WHM)
- Import and authorize your public SSH key for secure access
Step 1: Check if You Already Have an SSH Key
If you're on a Mac, open Terminal (under Applications → Utilities), and type:
cd ~/.sshAnd then:
ls -lIf you see a file named id_rsa.pub, you already have an SSH public key. To copy it to your clipboard, use:
pbcopy < id_rsa.pubIf no key is found, you can generate a new one by running:
ssh-keygan -t rsa -c "[email protected]"Use your email so you can easily identify the key later. Follow the prompts to finish generating the key.
Step 2: Disable Root Login Access in WHM
To improve server security, disable root access using a password. Here's how to do it through WHM (Web Host Manager):
- Log into your WHM dashboard.
- Navigate to "SSH Password Authorization Tweak" under the Security Center section.
- Click the “Disable Password Auth” button.
This step ensures no one can log in as root with just a password—only authorized SSH keys will be accepted.
Step 3: Import Your Public SSH Key into WHM
Now that root login via password is disabled, you'll need to authorize your SSH key:
- From WHM, go to “Manage root’s SSH Keys” under the Security Center.
- Click “Import Key”.
- Paste your public key (copied earlier or generated) into the appropriate field.
- After importing, click “Manage Authorization” next to your new key.
- Click “Authorize” to activate it.
Connect to Your Server Using SSH Key
Once everything is set up, you can connect to your server securely. Just open your terminal and run:
ssh -p 5622 [email protected] (replace with your server IP)Be sure to replace 5622 with your actual SSH port, and your-server-ip with the correct IP address.
No password required-your SSH key will handle the authentication.
At Vivint Host, we’re committed to keeping your cloud hosting fast, secure, and reliable. By following these steps, you’re taking a crucial step toward locking down your server.
Need help? Our 24/7 expert support is always here to assist you!